Your Cloud Needs a Sys Admin

I've attended a number of CloudCamps around the world, and the question as to whether systems administrators are relevant in the post-cloud world always seems to come up. Let's put this silly question to bed: your cloud needs a sys admin.

Programmers vs. Sys Admins

A mature IT ecosystem has both systems administrators and developers. While there's a lot of overlap in the more mundane skills of each, I've rarely seen good sys admins make good programmers. And I've rarely seen good programmers make good sys admins. The cloud, however, has a nasty habit of deluding programmers into thinking they no longer need sys admins.

Programmer interaction with the sys admin comes in the following flavors:

Working with a sys admin to plan an infrastructure for an application

Waiting on the sys admin staff to provision and configure infrastructure for the development process

Relying on the sys admin to keep a production system up and running

Programmers generally focus on interaction number 2—that's where the sys admin becomes a barrier to the programmer's getting their job done. If I need an Ubuntu server for a few days, why do I have to wait a month to get it? And why can't I have root access on that server? And whom do I have to bribe to open up that firewall port?

The cloud makes that sys admin barrier disappear for the programmer.

A programmer and a credit card can launch a server in the cloud. That programmer can use any operating system they want, have root access, and define any firewall rules they please. In fact, the programmer probably says, "Let's just open up port 22 to the world so we can access our servers from wherever we happen to be!"

The cloud also supports a level of automation—mostly the automation of tedious sys admin tasks—that can further encourage the programmer's belief that sys admins are superfluous in the cloud. After all, if enStratus will deploy your applications for you, secure the file system, make backups, and manage your users, what do you need a sys admin for?

Trust me, your cloud needs a sys admin.

Death by 1,000 Cuts

The programmer-managed infrastructure suffers from a death by a thousand cuts. The programmer is competent with technology and fully capable of setting up a system that can support the application being built. The programmer, however, lacks a detailed understanding of ongoing infrastructure management. Consequently, the programmer-managed infrastructure ultimately leads to an environment incapable of adjusting to changing demands and potentially opens vulnerabilities to hackers through discreet channels.

The reverse is true of the sys admins who fancy themselves programmers. They can craft Perl programs to do just about any task. Those programs, however, ultimately lack the solid architecture that programming skills provide.

Programmers Build Bad Machine Images

While tools like enStratus help you build secure machine images, building good machine images is still something only a sys admin can do. It takes years of experience with whatever your operating system is to tweak it to perform properly for the kinds of applications your company runs. A good sys admin knows that you need to get the packaged binaries for a certain software package on platform X, but you are better off compiling it from source on platform Y. A good sys admin has been staying informed about security alerts on operating systems components the programmer has never heard of. A good sys admin knows how to deploy applications securely on the operating systems they support.

Programmers Take Short-Cuts

I have seen programmers do a number of things in the cloud because they represent the path of least resistance to their core objective of creating an application:

Deploy applications under the root user ID

Open firewall rules to the world other than HTTP/HTTPS

Ignore the need for intrusion detection

Turning off cloud, OS, and enStratus alerts

These short-cuts expose the infrastructure to a risk that programmers typically do not fully appreciate.

Programmers Don't Track Sys Admin Trends

Programmers notoriously know just enough about the operating systems they are using to do what they need to do. Sure, they probably have 5 servers in their basement running 5 different flavors of Unix. That doesn't make them a sys admin.

Sys admins live and breathe hardware, the OS, and the network. They know the right feeds to follow to keep track of security alerts and advancements, and they know when to patch and when to let something slide. They also know how to manage the patching of production environments to minimize the impact on system uptime.

Tags:

You might also be interested in:

6 Comments

Fully agree in IaaS case (which I assume is what you are talking about).

For PaaS situations, I'd make two comments:

- the sysadmin needs a very different set of skills. Maybe a new breed to emerge, the SOA/PaaS/governance/Cloud/BSM/... sysadmin.

- the most efficient way to make developers actually write code that is easy to manage in deployment is for them to have skin in the game and be involved (at least in some form) in the management of the deployed app (rather than only caring about the next version).

I can not imagine a world without sys admins...and I am a developer. I am actually amazed that this question is being asked.

The two need to find a way to help each other as opposed to waiting for each other. I am lucky to work in an environment where that really is the case and that has certainly reinforced to me how important sys admins are.

I'm the opposite of Mike Horwath: I suck at sys admin, and need a Mike Horwath watching that side of the environment. Don't want to do it, don't want to think about it. I am all the reasons why your article is correct.

All that said... What would the sys admin do in the Cloud environment? If I need to make a case to management that we need a Cloud Admin, "I'm a lousy sys admin" doesn't persuade. If all I'm using the Cloud for currently is storage (Amazon S3), what services will the Cloud Admin provide?

I couldn't agree more with the statement that sysadmins are needed int he cloud. I can not tell you the number of times I've had a programmer associate of mine call for help on both the LAN and cloud side because they convinced their client that they could go it alone. Did you even noticed that convinced and conned are essentially the same thing. Anyway where was I, oh yeah and these programmer friends are in deep because now the site they launched is out performing the infrastructure they failed to design. They have no choice but to call out for backup.

Great article!

Thanks,
Mikel King

News Topics

Recommended for You

Got a Question?

Do you have a question about O'Reilly's products and services? Share an idea! Report a problem...